US Army Follows Navy in Banning TikTok App: Report

The U.S. Army is following the lead of the Navy in banning soldiers from using TikTok, a Chinese-made video sharing and social media app, on their government-issued phones, according to the news site Military.com.

Lawmakers have raised national security concerns about The TikTok app, owned by Beijing-based ByteDance Technology.

In guidance issued Dec. 16, the Defense Department, in a "Cyber Awareness Message," identified TikTok as having "potential security risks associated with its use" and requested that military personnel remove the app from government-issued phones, according to Military.com. "Be wary of applications you download, monitor your phones for unusual and unsolicited texts etc., and delete them immediately and uninstall TikTok to circumvent any exposure of personal information," the DoD guidance states.

Although the Navy has also announced a ban, it's not clear if other military branches banned TikTok, Military.com reports.

Speaking about TikTok, Lt. Col. Robin Ochoa, an Army spokesperson, told Military.com: "It is considered a cyberthreat. We do not allow it on government phones."

National Security Concerns

In October, U.S. senators Tom Cotton, R-Ark., and Chuck Schumer, D-N.Y., wrote a letter to Acting Director of National Intelligence Joseph Maguire requesting that the U.S. intelligence community conduct an assessment of the security risks posed by TikTok as well as other Chinese content platforms in the U.S.

The two lawmakers also requested a congressional briefing.

In the letter to Maguire, the senators raised privacy concerns regarding the processing of personally identifiable data belonging to TikTok customers in the U.S., and they alleged the app may be susceptible to foreign influence campaigns, including election meddling.

"While the company has stated that TikTok does not operate in China and stores U.S. user data in the U.S., ByteDance is still required to adhere to the laws of China," the senators note. "The platform is also a potential target of foreign influence campaigns like those carried out during the 2016 election on U.S.-based social media platforms."

The letter from the two senators has also prompted the Committee on Foreign Investment in the United States, which reviews potential security risks of acquisitions of U.S.-based firms by foreign companies, to examine ByteDance's acquisition of an American-based social media app Musical.ly in 2017 and whether the company should divest that acquisition, according to Reuters.

Pushing Back

With U.S. lawmakers now scrutinizing TikTok, parent company ByteDance is attempting to make the case that the app does not pose a security threat.

On Dec. 30, ByteDance released its first-ever transparency report about TikTok, which covers requests made by government agencies and law enforcement for information from the platform as well as requests that the company remove certain content. This report covers the first six months of 2019.

"Just like other tech companies, occasionally we are presented with requests from various official bodies, such as government agencies or law enforcement officials, asking us to take certain actions at their behest," according to the report. "These include requests to take down content deemed to be in violation of local laws, or to provide information related to accounts under certain defined circumstances, such as to assist in a criminal investigation or emergency request."

ByteDance says it's hired the law firm K&L Gates LLP to help strengthen its data protection policies, according to a letter published in October.

About the Author

Asokan is senior correspondent for Information Security Media Group's global news desk. She has previously worked with IDG and other publications where she reported on developments in technology, minority-rights and education.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;